The present invention relates generally to information processing on a computer network, and, more particularly, to methods and systems for providing protected remote access to an information technology infrastructure.
A large number of businesses and individual users use portable computing devices, such as laptop computers and hand-held devices, that are moved frequently and that can connect into more than one network. Users now have laptop computers that are connected to a corporate network during the day and to a home network during the evening. Many users also have home computers that are remotely connected to various organizations from time to time through wide-area networks, including the Internet. The number of computing devices and the number of networks that have these devices connected to the network, have increased dramatically in recent years. Users are also using the Internet to remotely connect to a number of different systems and networks. A user may connect his or her home computer to a corporate network through a virtual private network (VPN), which creates a secure session between the home computer and the corporation's network.
As more computers are connecting to a number of different networks, a new set of challenges face network administrators and individual users alike. Previously closed computing environments are now opening to a worldwide network of computer systems. Specific challenges include attacks by perpetrators capable of damaging the local computer systems, stealing proprietary data and programs, unauthorized access to external data, infiltration by viruses, and employee abuse of business computer resources.
A mechanism traditionally used to address several of the challenges is a firewall product. Traditional firewall products guard a boundary or gateway between a local network, such as a corporate network and a larger network, such as the Internet. These products primarily regulate traffic between physical networks by establishing and enforcing rules that regulate access based upon the type of access request, the source requesting access, the connection port to be accessed, and other factors. One of the implications of the increasing number of devices occasionally connected to different networks is that traditional corporate firewall technologies are no longer effective. A corporate firewall provides some degree of protection when a device is connected to that particular corporate network, but it provides no protection when the device is connected to other networks. Additionally, a traditional firewall may not protect against intrusions originating from a remote device that is connected to a corporate network.
Another protection measure implemented by many users and administrators is to install an anti-virus application on their machines to provide protection against infiltration by viruses. An anti-virus application typically includes an engine that has a database or repository of virus information that enables identification of viruses and other malicious code. At specified intervals, the antivirus engine will scan the computer system to detect any files that match known virus signatures.
Although anti-virus products provide considerable protection to the user and administrators of computer systems and networks, several problems remain. One problem is that if a remote client machine connected to a corporate network through a VPN gateway is infected with a virus, it may infect other machines on the same network. An infected computer that is connected to a corporate local area network (LAN) may put the entire network at risk. The computer may be infected with a virus that intentionally tries to spread itself to other machines in the network. One machine that is not running the correct anti-virus engine or is not equipped with current virus signature definitions may jeopardize the security of the entire network. Ensuring that machines are running current anti-virus programs is particularly important, as virus issues are very time sensitive. It becomes critical, therefore, to promptly update anti-virus applications on all machines in a network in a timely fashion before the network is infiltrated by a newly released virus.
Microsoft Corporation has developed the remote quarantine service (RQS) for the purpose of allowing computers to connect to a remote access server without giving them full access to the network until the computer can be inspected. This service works in conjunction with a remote quarantine client (RQC) to release a computer in quarantine once it has been inspected. Currently, Microsoft and other vendors do not offer a mechanism to perform a client inspection. The present invention was developed to perform remote client inspection and makes use of the remote quarantine service and the remote quarantine client.